New CPUs from AMD, Intel now locked out of Windows Update on Windows 7, 8.1

Last month, we covered news that Microsoft had introduced a KB update that would break Windows Update when running on Kaby Lake or Ryzen hardware from AMD. What was less clear is when the company would actually switch that capability on. Now we know — they did it yesterday.

Ars Technica reports that as of now, Microsoft detects Ryzen or Kaby Lake CPUs running Windows 7 or Windows 8.1 and returns the following message:

Your PC uses a processor that is designed for the latest version of Windows. Because the processor is not supported together with the Windows version that you are currently using, your system will miss important security updates. Please select the “Learn More” link to address the situation.

Microsoft’s philosophy is that because Kaby Lake and Ryzen contain low-level improvements unsupported on previous operating systems, as well as peripherals that didn’t exist when Windows 7 was created, it makes sense to push people towards the latest version of the operating system. To a certain extent, I agree with this. We’ve already seen how AMD’s Ryzen 5 and Ryzen 7 systems can have trouble under Windows 10, because W10 doesn’t natively understand the SenseMI technology that AMD’s newest processors use to adjust their own clock speeds under load. Drivers and UEFI updates are on the way to improve power management, but it can be difficult to shoehorn these capabilities into older operating systems that may not offer the same degree of fine-grained control.

This isn’t even the first time we’ve seen a Microsoft OS fail to run on modern hardware because modern chips are faster than the OS expects, or have capabilities the OS doesn’t know how to drive. That said, there are two things that set this situation apart from any other. First, Microsoft is deliberately killing Windows compatibility by enforcing a software lockout, as opposed to an old OS simply not working properly on new hardware because it was never updated to do so. Second, instead of throwing the problem off on hardware OEMs and driver authors to fix (for example, leaving it up to a hardware vendor to decide whether to support USB 3.0 in Windows 7, or to build NVMe drivers for that operating system), MS is short-circuiting support altogether.

Any company that builds software eventually has to decide when it makes sense to stop supporting certain versions. This isn’t unique to Windows — Apple, Linux distros, and Android all contain their own methods of dealing with support, typically by only offering it for a limited time. But that’s not really what Microsoft is doing here. Windows 7 is still supposed to be receiving security patches through 2020, while Windows 8.1 is still in mainstream support through January 9, 2018:

What Microsoft is doing here is cutting off Windows 7 security support almost three years early (if you own a new CPU) and killing Windows 8.1 security updates nearly six years earlier than it ever has before for prior versions of the OS. It’s a ridiculous, consumer-hostile move with no justifiable reason beyond “Microsoft doesn’t want to support older operating systems through their previously stated support lifetimes, so screw you.” Even Skylake support is questionable — some OEMs got their Skylake systems supported, but many others didn’t. It’s not clear how whitebox or home-built systems are treated either — if you have a Skylake rig, please let us know if you can continue downloading updates for it.

Are there workarounds?

Probably, but none of them are what you’d call convenient. You might be able to create a Windows 7 or Windows 8.1 installation image with the latest security and feature updates. You still won’t be able to update, but at least you’ll have all of the updated software and security fixes current to the day you install the operating system. Alternately, if you have a second system that’s built on a similar CPU or platform, you may be able to install your HDD or SSD into that rig, boot the OS up, and then patch it. The disadvantage to this is that you’ll be stuck moving your OS drive into another computer on a regular basis.

There’s a third possibility: Enterprising users may wind up distributing home-rolled “service packs” with cracked installers to update a system. This might seem as if it fixes the problem altogether, and the Windows user community has certainly rallied before to create alternate OS versions or unofficial service packs. The problem is, there are always cases where Microsoft doesn’t give you a patch because your system, specifically, doesn’t need it. Installing OS updates that your system doesn’t need can be as problematic as installing those it does. Cracked, unofficial service packs are also a lovely way to infect machines with malware.

Back in the days of Windows XP, Microsoft had a simple solution to the problem of pirated / unregistered versions of the operating system. It would refuse to allow you to download various goodies or applications, but made the core security components of Windows available to everyone, even if you weren’t running a registered version of the operating system. Microsoft’s reasoned, correctly, that it was more important to push security updates out to users than it was to punish people who had stolen the OS. Unauthorized computers can still be part of a botnet or security breach, after all.

The company seems to have reversed that calculus, and it’s not hard to see why. Back in the Windows XP days, most people still bought new computers every 3-5 years. Today, manufacturers talk about 7-10 year product cycles — meaning that the number of computers running older versions of its operating systems has grown over time, though Windows 10 did push back a bit against that trend during its first year of life. Microsoft has decided that the only way to truly secure the solution is to push everyone towards Windows 10 and damn the consequences. Enthusiasts will find solutions to these problems — but they won’t likely be as robust as MS just acknowledging the need to keep systems as secure as possible, and not to put its own preferences ahead of the practical need of millions of users.

Also, based on these actions, we’re calling “Mainstream support” a lie. Microsoft clearly doesn’t have a “Mainstream support” mode anymore. A company that reserves the right to unilaterally tear up previous agreements that may have influenced how and when you bought your operating system license has no right to declare itself in “support” of anything except its own bottom line.